From: Lloyd Fischer
Subject: Re: Ariane 5 - not an exception?
Date: 1996/07/30
Message-ID: <31FE054D.6CE1@dvcorp.com>#1/1
References: <4t9vdg$jfb@goanna.cs.rmit.edu.au> <4tiu6e$kpm@news2.cais.com>
Organization: DataViews Corporation
Newsgroups: comp.software-eng,comp.lang.ada,comp.lang.pl1

Bill Angel wrote:
>
> In article <4t9vdg$jfb@goanna.cs.rmit.edu.au>,
> ++ robin wrote:
> >In Ariane, both the active processor and the backup failed at
> >the same time, because it was a *programming* error that was
> >encountered at the same time in both processors, and both
> >processors were shut down at the same time by their respective
> >error handlers.
>
> I am under the impression that for the US manned spaceflight
> program (to get to the moon), an on-board computer that was serving as a
> backup to the primary computer would have been performing its computations
> using completely different software than the primary computer. By
> utilizing this methodology, the same software "glitch" would not halt both
> systems simultaneously. Perhaps a group of software developers could be
> tasked with producing a version of the on-board software for Ariane in a
> different computer language than that used by the primary processor. The
> two processors, running simultaneously, would serve to check each other's
> results with greater independence than they apparently do now.
>
> -- Bill Angel

A better example is the flight control system for the A320 aircraft.

From memory now: there are 4 flight control computers, each controlling
separate hardware. The computers are of two types, with different
hardware and software. The designers of each type were completely
isolated from the designers of the other. The idea is that the computers
battle for control of the plane. If one computer generates completely
erroneous controls the other three can completely overpower it. If one,
two, or three die there is no problem.

I can't recall if the computers have the power to cause the shutdown of
an offender and how they handled the 2 vs. 2 problem. If anyone has a
spec for the A320 system please pipe in. I'm out of aerospace now and
can't just run down to the library.

IMHO the Ariane, 4 and 5, with two computers running the same software
is a systemic error just waiting to happen.

--
Lloyd Fischer
lloyd@dvcorp.com   fischer@crocker.com (home)
DataViews Corporation                 |
47 Pleasant St, Northampton, MA 01060 | from disclaimers import standard
Voice 413 586-4144 Fax 413 586-3805   |
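
The argument in this thread about identical software on redundant computers, as an added Python illustration that is not part of the thread and is not the Ariane or A320 logic. The channel functions, the 32767 limit and the voter are all constructed for the example.

```python
# Added illustration: identical vs. dissimilar redundant channels.
# Every name and value here is constructed; nothing is taken from a real system.
from collections import Counter


class ChannelFault(Exception):
    """Raised when a channel's own error handler shuts the channel down."""


def channel_a(x):
    # Design A carries a constructed defect: it cannot handle x > 32767.
    if x > 32767:
        raise ChannelFault("design A: value out of range")
    return x // 2


def channel_b(x):
    # Design B, written independently, saturates instead of shutting down.
    return min(x, 65535) // 2


def stuck_channel(x):
    # A channel that is alive but produces a completely erroneous output.
    return -1


def vote(channels, x):
    """Run every channel on x and return (status, value).

    'ok'   one output has more votes than any other
    'tie'  the surviving channels split evenly (the 2 vs. 2 case)
    'lost' every channel has shut down
    """
    outputs = []
    for channel in channels:
        try:
            outputs.append(channel(x))
        except ChannelFault:
            pass  # this channel is gone; the remaining ones carry on
    if not outputs:
        return ("lost", None)
    (value, count), *others = Counter(outputs).most_common()
    if others and others[0][1] == count:
        return ("tie", None)
    return ("ok", value)
```

With `x = 40000`, two copies of `channel_a` both shut down and the result is `lost`, while a mix of `channel_a` and `channel_b` still yields an output. Two healthy channels against two `stuck_channel` instances returns `tie`, which the voter alone cannot resolve.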